2 matches found
Pandora FMS <=7.0NG.722 - Remote Code Execution
Pandora FMS versions =7.0NG.722 are vulnerable to unauthenticated remote code execution by chaining an unrestricted file upload CVE-2018-11221 and a local file inclusion CVE-2018-11222. An attacker can upload a malicious PHP file as a plugin and execute it via LFI, leading to full compromise of t...
CVE-2018-11221
Pandora FMS up to version 7.23 is affected by CVE-2018-11221: an unauthenticated, untrusted file upload via include/ajax/update_manager.ajax in the update system allows an attacker to upload an arbitrary plugin.